signtool.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 21858bd5c7d0bf5a55f54eb9986b83e0_NeikiAnalytics.exe
Resource: win10v2004-20240508-en
General
Target: 21858bd5c7d0bf5a55f54eb9986b83e0_NeikiAnalytics
Size: 1.7MB
MD5: 21858bd5c7d0bf5a55f54eb9986b83e0
SHA1: 67c3026f4a53c683c8e9aa75a447c63188da9f85
SHA256: 629332f406312c5869e9c582ec98925f4d833c78a6d05cc0221ab2d6d248a1f7
SHA512: 94f2f79919443712f567ba1278b8c475bb2df33dbf162b68fdaa5c7d8ad548e2b1cf483b9b8f53216a0b0d3fa221d06551bea4abea263cddd1880a3d70dee5fd
SSDEEP: 24576:jtH2Bqg9LZn+jm2gWFPaAuzWL9DLpZFDcaqF0iFbs:jt49LgjmnePaAN5PpZhca47Fbs
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 21858bd5c7d0bf5a55f54eb9986b83e0_NeikiAnalytics
Files
21858bd5c7d0bf5a55f54eb9986b83e0_NeikiAnalytics.exe windows:10 windows x86 arch:x86
2527eb3efec0a4abc6bc7559ba53a56d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
CryptDestroyKey
CryptReleaseContext
CryptGetUserKey
CryptEnumProvidersW
CryptAcquireContextW
CryptDestroyHash
CryptCreateHash
CryptSetHashParam
CryptSignHashA
kernel32
MultiByteToWideChar
GetFullPathNameW
FindFirstFileW
GetLastError
GetProcessHeap
HeapFree
GetStringTypeW
FileTimeToLocalFileTime
FindClose
EncodePointer
ExpandEnvironmentStringsW
GetFileType
WriteFile
GetDateFormatEx
GetTimeFormatEx
WideCharToMultiByte
DecodePointer
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleA
HeapSetInformation
LocalAlloc
EnumResourceNamesW
EnumResourceLanguagesW
LockResource
LoadResource
SizeofResource
FindResourceExW
GetEnvironmentVariableW
LoadLibraryW
MapViewOfFile
CreateFileMappingA
GetFileSize
GetSystemInfo
UnmapViewOfFile
LocalFree
CreateFileW
Wow64RevertWow64FsRedirection
CloseHandle
SetLastError
GetProcAddress
GetModuleHandleW
HeapAlloc
GetCurrentThreadId
FormatMessageW
FreeLibrary
LoadLibraryA
FileTimeToSystemTime
FindNextFileW
GetVersionExA
mfc42
ord823
ord825
msvcrt
isupper
setlocale
malloc
___lc_codepage_func
___lc_handle_func
__pctype_func
_errno
___mb_cur_max_func
fputc
__uncaught_exception
strerror
__mb_cur_max
memset
memmove
memcpy
ungetwc
ungetc
setvbuf
fwrite
_fseeki64
_XcptFilter
fgetpos
fgetc
fflush
__iob_func
__crtLCMapStringA
_wsetlocale
_purecall
puts
_time64
realloc
strchr
swscanf
??1type_info@@UAE@XZ
towlower
fclose
__p__commode
_amsg_exit
fseek
_wfopen
_wcsnicmp
__wgetmainargs
__set_app_type
exit
_exit
__p__fmode
_mktime64
wcsncmp
??4exception@@QAEAAV0@ABV0@@Z
qsort_s
_except_handler4_common
calloc
__crtLCMapStringW
___lc_collate_cp_func
__crtCompareStringW
memcmp
islower
_CxxThrowException
abort
towupper
iswdigit
_onexit
_controlfp
__dllonexit
_unlock
_lock
fsetpos
iswalpha
fgetwc
wprintf
fwprintf
wcsstr
??0exception@@QAE@XZ
memcpy_s
free
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??_V@YAXPAX@Z
strcspn
localeconv
memmove_s
sprintf_s
_wcsicmp
putchar
_wctime64
mktime
fputwc
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
__CxxFrameHandler3
?terminate@@YAXXZ
_initterm
_wtoi
__setusermatherr
_cexit
memchr
ntdll
RtlWow64EnableFsRedirectionEx
RtlAllocateHeap
RtlFreeHeap
crypt32
CertFreeCertificateChain
CryptMsgGetParam
CryptDecodeObject
CryptFindOIDInfo
CertFindAttribute
CertGetEnhancedKeyUsage
CryptMsgClose
CertCreateCertificateContext
CertCompareCertificate
CryptMsgControl
CertDuplicateStore
CertCloseStore
CertDuplicateCertificateChain
CryptEncodeObjectEx
CertGetCertificateContextProperty
CryptQueryObject
CertAddCertificateContextToStore
CertOpenStore
CertEnumCertificatesInStore
CertVerifyCertificateChainPolicy
CryptStringToBinaryW
CertFindRDNAttr
CryptMemFree
CryptVerifyDetachedMessageSignature
CryptVerifyMessageSignature
CryptMsgOpenToDecode
CryptMsgUpdate
CryptExportPublicKeyInfoEx
CryptAcquireCertificatePrivateKey
CertGetNameStringW
CertFindExtension
CertGetValidUsages
CertGetCertificateChain
CryptHashCertificate2
CertSetCertificateContextProperty
CryptBinaryToStringA
CryptStringToBinaryA
CryptBinaryToStringW
CertControlStore
PFXImportCertStore
CertFindCertificateInStore
CertAddStoreToCollection
CryptMsgOpenToEncode
CertComparePublicKeyInfo
CryptDecodeObjectEx
CryptSIPRetrieveSubjectGuid
CryptSIPLoad
CertDuplicateCertificateContext
CertFreeCertificateContext
user32
LoadStringW
ole32
CoTaskMemFree
CoTaskMemAlloc
oleaut32
SysFreeString
GetErrorInfo
wintrust
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
shlwapi
SHCreateStreamOnFileW
bcrypt
BCryptHashData
BCryptDestroyHash
BCryptFinishHash
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptCreateHash
ncrypt
NCryptSignHash
xmllite
CreateXmlWriter
mssign32
SignerFreeSignerContext
SignerSign
SignerTimeStamp
Sections
.text Size: 218KB - Virtual size: 217KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE